The study surveyed corporations in the U.S., Canada, U.K. and Germany to gauge how ransomware affected their operations.

The malware, which can infect a computer and take the data hostage, can be bad for business. 34 percent of the victim corporations in the countries surveyed reported losing revenue because the ransomware had prevented access to important files.

U.S. businesses victimized by the malware generally didn’t suffer a heavy toll and only 6 percent of them reported losing revenue. In most cases, the malicious code only affected personal files.

The survey also looked at how the ransomware was affecting these enterprises, and found that generally the malware had been designed to affect desktop PCs or laptops. The infection often came through links and attachments inside emails, or from a website or web application.

The response of companies to the threat varied across countries. In the U.S, only 3 percent of the businesses hit by the ransomware decided to pay the hackers.

That’s a big difference from the Canadian businesses surveyed, of which 75 percent said they agreed to pay the ransom.

The survey said this was probably because the ransomware attacks in the U.S. often target lower-level employees and tend to only infect a few computers.

Osterman Research

More amateur cyber criminals are probably indiscriminately spreading ransomware in the U.S. like spam, the survey added. Low-level ransom demands of up to US$500 are prevalent in the U.S. However, high ransom demands of over $10,000 are more common in Germany.

Malwarebytes sponsored Osterman Research to conduct the study by surveying 540 CIOs, CISOs and IT directors across the four countries.